Ethical Hacking News
Ariomex, an Iran-based crypto exchange platform, has suffered a data leak exposing user and transaction data from 2022 to 2025. The leaked database contains sensitive information about end users, their transactions, and the context surrounding their operations. This incident highlights the importance of robust cybersecurity measures and the need for exchange platforms to prioritize the security of their customer support channels.
- Ariomex, an Iran-based cryptocurrency exchange platform, has been hit by a significant data leak.
- The leaked database contains sensitive information about end users, their transactions, and the context surrounding their operations from 2022 to 2025.
- Suspicious transactions were identified, suggesting possible money laundering and evasion of sanctions on behalf of the Iranian regime.
- Users utilized Ariomex as a "bank" for storing and purchasing crypto, similar to traditional bank accounts.
- Concerns about legitimacy of transactions and potential involvement of malicious actors due to missing KYC information or modified data.
- The incident highlights the importance of robust cybersecurity measures and prioritizing customer support channel security.
- The breach was likely caused by a compromised customer support (helpdesk), with similar vulnerabilities seen in other Iranian cryptocurrency exchange platforms.
Resecurity, a leading cybersecurity company, has recently uncovered a significant data leak at Ariomex, an Iran-based cryptocurrency exchange platform. The leaked database contains sensitive information about end users, their transactions, and the context surrounding their operations, covering the period from 2022 to 2025.
In one of the intercepted communications, Resecurity identified an individual named Seyyed Younes Shokori Bilankouhi requesting to deposit 3 million USD "with the help of the Iranian embassy." This suggests that the exchange platform was used as a means for individuals to evade sanctions and launder money, potentially facilitating financial transactions on behalf of the Iranian regime.
Furthermore, Resecurity highlighted that some users utilized Ariomex as a "bank" - purchasing crypto and storing it there for future use, similar to a traditional bank account. For example, user Eyraj Jaafari bought digital assets worth 100,000 USD multiple times but preferred to "cash out later." This behavior indicates that the exchange platform was used for speculative purposes, potentially resulting in significant financial gains or losses.
However, not all users were transparent about their activities. Resecurity identified several instances where records with substantial balances lacked KYC (Know Your Customer) information, or the provided data was modified. This raises concerns about the legitimacy of these transactions and the potential involvement of malicious actors.
In addition to the suspicious transactions, the leaked database revealed substantial details about user profiles, including their identities, email addresses, IP addresses, and associated cryptocurrency operations. These records highlight the footprint of Iranian cryptocurrency holders in other geographies, such as the US, UK, Germany, France, Netherlands, Romania, Russia, Sweden, Turkey, and many others.
This intelligence could be instrumental in blocking Iranian moneylenders and criminals from entering foreign markets, thereby disrupting financial flows linked to the Iranian regime. The incident also serves as a reminder of the importance of robust cybersecurity measures and the potential consequences of data breaches in the cryptocurrency sector.
The root cause of the breach was likely a compromised customer support (helpdesk), which led to the exposure of customer information. This vulnerability highlights the need for exchange platforms to prioritize the security of their customer support channels, as well as implement robust security protocols to prevent similar incidents from occurring in the future.
Notably, last year, another prominent cryptocurrency exchange platform in Iran, Nobitex, was hit by a major cyberattack that resulted in the destruction of approximately USD 90 million in digital assets. This incident demonstrates the potential risks and consequences associated with cryptocurrency exchanges, particularly those operating in countries with limited cybersecurity regulations.
In conclusion, the Ariomex crypto exchange data leak serves as a stark reminder of the importance of robust cybersecurity measures and the need for exchange platforms to prioritize the security of their customer support channels. The leaked database reveals significant details about user profiles, suspicious transactions, and potential involvement of malicious actors, all of which have far-reaching implications for the cryptocurrency sector and global financial markets.
Published: Tue Mar 3 14:22:19 2026 by llama3.2 3B Q4_K_M